diff options
| -rw-r--r-- | src/AccessControlMiddleware.php | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/AccessControlMiddleware.php b/src/AccessControlMiddleware.php index d900fa63..b8afeb15 100644 --- a/src/AccessControlMiddleware.php +++ b/src/AccessControlMiddleware.php @@ -3,8 +3,19 @@ namespace Tor; class AccessControlMiddleware { + const ONION_HOST_MAP = [ + 'rjrsgw3y2wzqmnvv.onion' => 'http://gsxohj375bk7gjal.onion', # prod + 'qbnprwaqyglijwqq.onion' => 'http://y7pm6of53hzeb7u2.onion', # stag + 'g2xie2z5bp5f6doi.onion' => 'http://y7pm6of53hzeb7u2.onion', # test + ]; + public function __invoke($request, $response, $next) { - $response = $response->withHeader('Access-Control-Allow-Origin', $this->torSiteBaseUrl); + $host = reset($request->getHeader('Host')); + $allowOriginUrl = $this->torSiteBaseUrl; + if (array_key_exists($host, static::ONION_HOST_MAP)) { + $allowOriginUrl = static::ONION_HOST_MAP[$host]; + } + $response = $response->withHeader('Access-Control-Allow-Origin', $allowOriginUrl); $response = $response->withHeader('Access-Control-Allow-Credentials', 'true'); $response = $response->withHeader('Access-Control-Allow-Headers', 'Content-Type'); return $next($request, $response); |